Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.
Featured Analysis
Featured article analysis: You Got Phished? Of Course! You’re Human…
The BleepingComputer article, “You Got Phished? Of Course! You’re Human,” argues that phishing success is not a failure of intelligence or training, but an exploitation of fundamental human psychology. Rather than blaming users for carelessness, the article emphasizes that attackers have moved beyond technical vulnerabilities to “human exploitation.” By targeting universal traits, such as the tendency to switch to autopilot during routine tasks or the desire to be helpful in high-pressure situations, cybercriminals can bypass even the most robust technical defenses. The narrative shifts the perspective from phishing as a “user error” to an inevitable byproduct of the way our brains process information and emotions.
A central theme of the analysis is the sophisticated “industrialization” of phishing through timing and context. The article details how modern attackers utilize specific “windows of vulnerability,” such as a new employee’s eagerness to impress or a distracted commuter reacting to a sense of urgency. These social engineering tactics are further amplified by a growing underground economy where phishing-as-a-service (PhaaS) and AI-powered tools like “PhishGPT” allow even low-skill actors to launch highly personalized, scalable attacks. This evolution means that even security experts can fall victim when a message perfectly mimics an expected workflow or triggers a visceral emotional response.
Ultimately, the article calls for a more realistic approach to cybersecurity that moves away from shaming victims and toward building resilient, human-centric systems. It posits that because “vigilance is a habit, not a credential,” even the most educated individuals remain susceptible to well-timed lures. By acknowledging that being phished is a human reality rather than a personal failing, the article suggests that organizations should focus on implementing “phishing-resistant” authentication and layered defenses. The conclusion is both humbling and practical: as long as humans are behind the screen, the goal of security should be risk mitigation and rapid recovery rather than the impossible standard of human perfection.
Projects
- TryHackMe – FlareVM: Arsenal of Tools – In Progress
Articles
- ServiceNow BodySnatcher flaw highlights risks of rushed AI integrations – A vulnerability that impacts Now Assist AI Agents and Virtual Agent API applications could be exploited to create backdoor accounts with admin roles.
- Muddying the inbox: The hidden dangers of internal spearphishing – The latest ESET research sheds light on an advanced phishing technique that SOCs might find hard to catch.
- You Got Phished? Of Course! You’re Human…
- 2 Venezuelans Convicted in US for Using Malware to Hack ATMs – Dozens of Venezuelan nationals have been charged by the US for their role in ATM jackpotting attacks.
- Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access – Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management (RMM) software for persistent remote access to compromised hosts.
- Under Armour Looking Into Data Breach Affecting Customers’ Email Addresses – Under Armour is investigating a recent data breach that purloined customers’ email addresses and other personal information.

